Sophisticated Phishing Scam Targeting Lloyds Bank Customers
Lloyds Bank customers are being targeted by a sophisticated email and SMS messaging phishing campaign, according to an investigation by law practice Griffin Law.
An estimated 100 people have reported receiving fake communication purporting to be from Lloyds, which is one of the largest banks in England and Wales.
In the email scam, a realistic-looking email using Lloyds logos and branding is distributed containing the subject header: “Alert: Document Report – We noted about security maintenance.” The message, which has spelling errors and some Chinese characters, claims that the recipient’s bank account has been compromised, stating: “Your Account Banking has been disabled, due to recent activities on your account, we placed a temporary suspension until you verify your account.”
Users are then redirected to a fraudulent site called Lloyds[Dot]bank[Dot]unusual-login[Dot]com, which attempts to trick visitors into believing it is legitimate through the use of official branding. The site then requests customers’ log-in details including passwords, account information and security codes and other person data.
In the SMS version of the scam, people received a text attempting to entice them into visiting the same fraudulent site. It says: “ALERT FROM LLOYDS: New device attempted to set up a payee to XXX. If this was NOT you, visit: Lloyds[Dot]bank[Dot]unusual-login[Dot]com.”
In a tweeted response to a user who informed them they had received the scam email, Lloyds Bank said: “This isn’t a genuine message from us; it’s a scam. If possible, could you please forward this email or text message to us at firstname.lastname@example.org.”
Commenting on Griffin Law’s discovery, Chris Ross, SVP at Barracuda Networks, said: “Hackers often hijack the branding of legitimate companies in order to steal confidential financial data from unsuspecting victims.
“These scams can be very convincing, making use of official logos, wording and personalised details to lull the individual into a false sense of security. In most cases, the victim will be directed to a fraudulent but realistic-looking website, where they are urged to enter account details, passwords, security codes and PIN numbers.
“Phishing attacks like this pose a huge risk both to individuals and the companies they work for, especially if hackers gain access to a business bank account. Tackling this problem requires robust policies and procedures as well as the latest email security systems in place to identify and block these scams before they reach the inbox.”
We’re 4tc Managed IT Services
4TC can support you with all the services you need to run your business effectively, from email and domain hosting to fully managing your whole IT infrastructure.
Setting up a great IT infrastructure is just the first step. Keeping it up to date, safe and performing at its peak requires consistent attention.
So we can act as either your IT department or to supplement an existing IT department. We pride ourselves in developing long term relationships that add value to your business with high quality managed support, expert strategic advice, and professional project management.
News Source: https://www.infosecurity-magazine.com/
Tel: 020 7250 3840
124 City Road
Dew Gates The Street